SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-113781668] LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2017-03-23 | Other | LCDS | Karn Ganeshen, working with Trend Micro's Zero Day Initiative (ZDI), discovered this vulnerability. | N/A | CVE-2017-6020 | N/A | N/A | N/A |

Source

#
# LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA
#


### VULNERABLE VENDOR
LCDS


### VULNERABLE PRODUCT
LAquis SCADA



### RESEARCHER
Karn Ganeshen, working with Trend Micro's Zero Day Initiative (ZDI), discovered this vulnerability.



### AFFECTED PRODUCTS

The following versions of LAquis SCADA, an industrial automation software, are affected:

LAquis SCADA software, versions prior to version 4.1.0.3237.



### IMPACT

Successful exploitation of this vulnerability could allow an unprivileged, malicious attacker to access files remotely.



### VULNERABILITY OVERVIEW

PATH TRAVERSAL CWE-22
A path traversal vulnerability exists when an application does not neutralize external input, allowing users to request absolute path sequences outside of their privilege level.
CVE-2017-6020 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
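
The CWE-22 class described above, shown as an added example (a generic illustration, not LAquis code and not part of the original advisory): a naive path join next to a hardened resolver that rejects absolute and escaping paths under Windows path rules. `BASE_DIR`, the function names and the sample requests are assumptions constructed for this example.

```python
import ntpath  # Windows path semantics as pure string handling; runs on any OS

BASE_DIR = r"C:\scada\web"  # assumed document root (hypothetical, not a LAquis path)

def naive_resolve(requested: str) -> str:
    """Vulnerable pattern: join() discards BASE_DIR when the input is absolute."""
    return ntpath.normpath(ntpath.join(BASE_DIR, requested))

def safe_resolve(requested: str) -> str:
    """Return a path that is lexically inside BASE_DIR, or raise ValueError."""
    if "\x00" in requested:
        raise ValueError("NUL byte in path")
    req = requested.replace("/", "\\")
    drive, tail = ntpath.splitdrive(req)
    # Reject drive letters (C:\x, C:x), UNC shares (\\host\share) and rooted paths (\x).
    if drive or tail.startswith("\\"):
        raise ValueError("absolute or drive-qualified path")
    candidate = ntpath.normpath(ntpath.join(BASE_DIR, req))
    base = ntpath.normcase(ntpath.normpath(BASE_DIR))
    # Compare whole components after '..' is collapsed; a plain startswith()
    # would accept the sibling directory C:\scada\web-old.
    if ntpath.commonpath([base, ntpath.normcase(candidate)]) != base:
        raise ValueError("path escapes base directory")
    return candidate

def is_allowed(requested: str) -> bool:
    """True if safe_resolve() accepts the requested path."""
    try:
        safe_resolve(requested)
        return True
    except ValueError:
        return False

# Constructed sample requests (not taken from the advisory).
SAMPLES = [
    "reports/daily.csv",          # legitimate relative path
    r"C:\Windows\win.ini",        # absolute path with drive letter
    r"\Windows\win.ini",          # rooted path on the current drive
    r"..\..\Windows\win.ini",     # relative traversal
    r"..\web-old\config.ini",     # sibling directory sharing a name prefix
    r"\\host\share\file.txt",     # UNC path
]

if __name__ == "__main__":
    for s in SAMPLES:
        verdict = "allow" if is_allowed(s) else "deny"
        print(f"{s!r:32} naive -> {naive_resolve(s)!r:40} safe -> {verdict}")
```

The check is lexical only: a server that follows symbolic links or junctions should resolve them on the real filesystem before the containment comparison.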





### BACKGROUND

Critical Infrastructure Sector(s): Chemical, Commercial Facilities, Energy, Food and Agriculture, Transportation Systems, Water and Wastewater Systems
Countries/Areas Deployed: South America
Company Headquarters Location: Joinville-SC, Brazil
 



### MITIGATION

LCDS recommends that users update to the latest firmware, version 4.1.0.3237, which can be found at the following location:

http://laquisscada.com/instale1.php